Re: VS .NET & SDK vs. IIS LockDown & URLScan

From: Thomas Deml [MS] (thomad@online.microsoft.com)
Date: 10/06/02


From: "Thomas Deml [MS]" <thomad@online.microsoft.com>
Date: Sun, 6 Oct 2002 01:34:18 -0700


Mark,

Here is the typical problem VS.NET developers face:
      Visual Studio

Error: The Web Server Has Been Locked Down and Is Blocking the DEBUG Verb
Stepping into a Web application or XML Web service failed because the IIS
lockdown tool has been run and URLScan has been installed and activated.
This condition blocks IIS from receiving the DEBUG verb.

URLScan is a security tool that works in conjunction with the IIS Lockdown
Tool to give IIS Web site administrators the ability to turn off unnecessary
features and restrict the type of HTTP requests that the server will
process. By blocking specific HTTP requests, the URLScan security tool
prevents potentially harmful requests from reaching the server and causing
damage.

To enable debugging on a Web server with URLScan installed

  1. Locate the Urlscan.ini file. Normally, you will find it in a directory
that looks something like this:
C:\WINNT\System32\Inetsrv\urlscan
  2. Create a copy of the file and name it Urlscan.old.
  3. Open the original copy of the Urlscan.ini file using Notepad or the
text editor of your choice.
  4. In Urlscan.ini, locate the [AllowVerbs] section. Add DEBUG to the
[AllowVerbs] section. If you see ;DEBUG in the [AllowVerbs] section, you can
remove the semicolon (which comments out the verb).
  5. Locate the [DenyVerbs] section. If DEBUG appears in the [DenyVerbs]
section, remove it.
  6. Save the file.
  7. Restart the server or restart IIS.

Hope this helps,

--
Thomas Deml
Lead Program Manager
Internet Information Services
Microsoft Corp.
"Mark Chmiel" <markchm@microsoft.com> wrote in message
news:1083d01c26d0c$78555a90$36ef2ecf@tkmsftngxa12...
> I have recently installed Visual Studio .NET and the
> Framework SDK which required the installation of IIS.  I
> like to keep my system secure so I ran Microsoft Baseline
> Security Analyzer which suggested I run IISLOCKD.EXE and
> URLSCAN.  After doing so, my VS.NET SDK stopped
> functioning. What is the proper way to lockdown my IIS,
> use URLScan, and still be able to run the VS.NET SDK?  So
> far it looks like I need to disable security features to
> run the demos - that just doesn't make sense.
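
An added example (not part of the original posts, and not Microsoft's code): a small Python check that reads a Urlscan.ini and reports whether the DEBUG verb would pass, so the change in steps 4 and 5 can be verified on a development machine and its absence confirmed on production servers. The sample file is constructed; the `UseAllowVerbs` option and the case handling (exact match in [AllowVerbs], case-insensitive in [DenyVerbs]) are assumptions taken from URLScan's documented behaviour, not from this thread.

```python
# Constructed sample, not a shipped Urlscan.ini.
SAMPLE_INI = """\
[Options]
UseAllowVerbs=1      ; 1 = use [AllowVerbs], 0 = use [DenyVerbs]

[AllowVerbs]
GET
HEAD
POST
;DEBUG

[DenyVerbs]
PROPFIND
DEBUG
"""


def parse_sections(text):
    """Return {section_name_lowercase: [entries]}; ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue  # blank line or a commented-out entry such as ';DEBUG'
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def verb_status(text, verb="DEBUG"):
    """Report which section governs the verb and whether it would pass."""
    s = parse_sections(text)
    opts = {}
    for entry in s.get("options", []):
        key, sep, value = entry.partition("=")
        if sep:
            opts[key.strip().lower()] = value.strip()
    # Assumption: UseAllowVerbs defaults to 1 when the option is absent.
    use_allow = opts.get("useallowverbs", "1") == "1"
    in_allow = verb in s.get("allowverbs", [])
    in_deny = verb.lower() in [v.lower() for v in s.get("denyverbs", [])]
    return {"mode": "AllowVerbs" if use_allow else "DenyVerbs",
            "in_allow": in_allow, "in_deny": in_deny,
            "passes": in_allow if use_allow else not in_deny}


if __name__ == "__main__":
    print(verb_status(SAMPLE_INI))
```

Run it against a copy of the real file by passing the file's contents to `verb_status`; a result with `passes` true on a server that is not used for debugging means the DEBUG entry should be reverted.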

